\chapter{Implementation Proposed Method}
\label{cha:impl}
 

This Survey is done as a feasibility study and knowledge gathering study to implement a Intrusion Detection System as describes in the earlier chapter. The implementation technologies used to implement some of the components in the above IDS will be proposed in this chapter.

\paragraph{
VRPCs can be used to share the memory between the IDS and the Monitored Host when the State of the Monitored System needs to be Checked by the IDS.
}
\emph{VRPC}
Virtual Remote Procedure calls (VRPCs) are used to requests memory locations from one VM to another. The VRPC have been introduced in SVFS \cite{protSensFiles}. VRPC provides a Virtual Machine on Xen to allocate a memory region and report this region to another Virtual Machine. Then the other VM can map that memory region to its own address space and access that memory directly.
VRPC shares the same  protocol and working flow with standard RPC, but differ from RPC by not relying on the Network for data exchange. VRPC uses memory re-mapping support provided by Xen,  which improves the memeory access performance.
It uses the event channel mechanism provided by Xen to allow a request or response producer to notify the other party that new data is available. Event channels enables a VM to setup a point-to-point synchronization channel to another VM.


\paragraph{
The IDS requires the capture and taking preventive measures for the intrusive activities that happen,
}
There is a Honeypot Implementation on Xen \cite{VEE06} Which uses Sensors to Detect and log the activities of a Monitored Host using XEN Virtualization. In their research they have created a new Hypercall for Xen which enables The VMM to communicate events occurring on the Monitored Host with the HoneyPot Monitor. Using this they have implemented Socket Sensor, Inode Access Sensor, Stream Redirection Sensor and Argument Capture Sensor. They also show that Xen Offers good Performance when doing these Detection Activities.
A method similar to this can be used to capture different kinds of Activities happening on the Monitored Host which are needed for the IDS.

\paragraph{
Denial of Service attacks are possible on the above IDS by misusing the uncontrolled resources usage by the VMs. Controlled Sharing and regulation of resources is needed to mediate this.
}
\emph{sHype}
In any Hypervisor available today as well as in XEN, the controlled sharing of resources between VM's is not implemented. sHype is a security architecture for virtualization environments that control the sharing of resources among VMs according to formal security policies. There is a implementation of sHype on XEN \cite{sHypeXen} which can be of use for the IDS discusses above.
sHype regulates the use of resources that are allocated to each VM. The importance of this being that, sHype does not allow any misbehaving VM to saturate the disk, network, memory bandwidth or CPU which in turn can distrupt other Virtual Machines. This prevents a Denial of Service Attack on the IDS implementation.
sHype works by mediating access to hardware resources at a low level, therefore it doesn't need different implementations for different OSs.





